Man-in-the-Middle Vulnerability in IBM Tivoli Identity Manager and Security Identity Manager
CVE-2014-6108

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Security Identity Manager; Tivoli Identity Manager
Vendor: CVE Published:; 20 April 2018

Summary

An unencrypted connection in IBM Tivoli Identity Manager and Security Identity Manager can be exploited by attackers to intercept sensitive data. This flaw exists in multiple versions of the software, where improper handling of secured interfaces allows the potential for sensitive information leakage, making it crucial for organizations using affected products to implement immediate security measures to protect their systems.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21698020

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/96172

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 20, 2018
Vulnerability Reserved
Sep 2, 2014